대한전자공학회:학술대회논문집 (Proceedings of the IEEK Conference)

대한전자공학회 (The Institute of Electronics and Information Engineers)
권호 표지

엔트로피를 이용한 이상 트래픽 측정: 실제 사례를 통한 접근

Anomalous Traffic Measurement using Entropy: An Empirical Study

  • 김정현 (한양대학교 전자컴퓨터통신공학과) ;
  • 원유집 (한양대학교 전자컴퓨터통신공학과)
  • Kim, Jung-Hyun (Department of Electronics and Computer Engineering Hanyang University) ;
  • Won, You-Jip (Department of Electronics and Computer Engineering Hanyang University)
  • 발행 : 2007.07.11
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

Entropy, one of leading metrics on anomalous traffic, attracts researcher's attention since a packet sampling and a traffic volume impact little on entropy value. In this paper, we apply the entropy metric to a domestic network traffic trace which has real anomalous traffics. We used source IP address/port and destination IP address/port that are important attributes of a packet as entropy variable We found that entropy value of multiple-port DoS attack shows something related to a staircase fashion. Also, we show a Possibility of detection of anomalous traffic on small time scale.

키워드